The invention relates to the field of data security, and more particularly to the field of user authentication in data processing systems.
In data processing systems it is known to employ authentication devices, sometimes referred to as “tokens”, as part of an authentication operation by which a user becomes authenticated to the system and is given access to system resources. The token may be a specialized portable device using either specialized circuitry or specially programmed processing circuitry, or in some cases it may be realized in a generic hardware device (e.g., a personal computing device such as a PC or smartphone) using special token software that is executed to provide the token functionality. Typically the token includes a secret value that is used as an encryption key or similar constituent of a calculation that generates authentication codes, which are provided to the system to authenticate the user. The system has corresponding functionality, perhaps including the same secret value or an associated secret value that can be used in a calculation to confirm that an authentication code received from the user was generated by an authenticator registered to the user, indicating that the user is authenticated and properly identified to the system. The use of authentication devices is one example of so-called “multi-factor” authentication used for enhanced security. Beyond the usual factor of a password or similar item known by the user, the presentation of a valid authentication code also indicates that the user is in possession of a valid authenticator, providing further confidence that the user is who he/she purports to be.
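The token-and-system calculation described above can be illustrated with the following added example, which is not part of the original text. It assumes the publicly specified HOTP/TOTP construction (RFC 4226 and RFC 6238), which the text does not name; `token_code`, `Verifier`, the 30-second interval and the drift window are hypothetical choices made for the illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code interval (assumed)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 code: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def token_code(secret: bytes, now: float) -> str:
    """Token side: derive the code for the current time interval."""
    return hotp(secret, int(now) // STEP)


class Verifier:
    """System side: holds the same secret per registered user."""

    def __init__(self, window: int = 1):
        self.window = window      # intervals of clock drift tolerated
        self.secrets = {}         # user -> shared secret
        self.last_used = {}       # user -> last accepted interval

    def register(self, user: str, secret: bytes) -> None:
        self.secrets[user] = secret

    def verify(self, user: str, code: str, now: float) -> bool:
        secret = self.secrets.get(user)
        if secret is None:
            return False
        current = int(now) // STEP
        floor = self.last_used.get(user, -1)
        for counter in range(max(0, current - self.window), current + self.window + 1):
            if counter <= floor:
                continue  # a code is accepted once; older intervals are dead
            # Constant-time comparison avoids leaking matching prefixes.
            if hmac.compare_digest(hotp(secret, counter).encode(), code.encode()):
                self.last_used[user] = counter
                return True
        return False
```

The verifier records the last accepted interval per user, so a code observed in transit cannot be presented a second time within its validity window.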